Introduction: As a vertically integrated cannabis plant touching business owner/operator, you were thrilled when you learned you had been approved for all three license categories; cultivation, manufacturing & dispensary (retail). As with many who apply, you recognized the potential economies available to you, the growth/expansion potential from having seed to sale integration. And, the potential risk management advantages from being able to better control supply chain risk.
However………….
The realization of the size & complexity of regulatory compliance responsibilities/burden was like a big Salvy splash of cold Gatorade after your walk off grand slam of winning the license lottery game. Your dreams of adding additional locations, even maybe one day sticking your toe in the MSO raging rough waters all of a sudden felt like just that; only fantasies. Like instantly going from Indica mellow to full-blown, 35 MG Sativa fits of “paranoia”.
Time for a “Bobby Baseball” moment.
Just take a step back, take a deep, deep breath and twirl that bat a few times. You know, just like Witt, Jr does.
I’ve got some tools & hacks I’m going to share with you over the coming weeks that should help ease your stress and guide you to a comfort level. In terms of internal accounting & financial reporting controls, the task is not as daunting as you might think.
Premise:
This introductory article & those that follow are intended to deliver clear, concise and actionable insights into the necessity of, the power from, and the enterprise value ROI payback on the Cycle approach to building/maintaining a robust system of cannabis internal controls that:
- Supports & is an essential element of cannabis regulatory compliance.
- Facilitates GAAP compliant, relevant & value-centric financial & operating reporting.
- Demonstrates organization-wide commitment to financial reporting integrity.
- Positions your cannabis venture for better access to more cash flow “friendly,” 3rd party investment capital & secured commercial credit.
- Aligns your firm with the critical perspectives of potential exit source options.
- Provides a good night’s sleep & peace of mind so you can navigate your way to growth & enterprise value.
A well-conceived conceptualization and implementation of Cycle grounded internal controls goes hand in hand with a risk-based approach to regulatory compliance. Properly built and managed, your system of internal controls does not have to place a drain on your highly-stressed/vulnerable cash flow. In fact, quite the contrary.
Over the next several weeks, we will introduce you to the best practices approach of incorporating the COSO and the ACCCE frameworks. Reality is they complement each other in so many aspects and implementing these concepts in a well-planned, committed way pays for itself. Moreover, I would suggest that the failure to do so very well may increase the possibility (probability?) of a catastrophic, unmitigated risk event.
Our industry is exciting, rapidly changing and full of opportunity. It’s young, highly dynamic but loaded with industry conditions that are uncertain and extremely risky. That’s gonna continue for awhile. Yet, compounding that risk with a weak system of internal accounting & reporting controls accelerates survival risk even more.
Trust me on this…..
Your dreams of more affordable, friendly and traditional secured commercial credit financing likely won’t come true if you opt to ignore the lessons we intend to share.
Cannabis Risk Management-What is the COSO Internal Control Framework & How Does It Apply?
https://www.coso.org/guidance-on-ic
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, originally issued in 1992 and refreshed in 2013 (ICIF-2013 or Framework), was developed as guidance to help improve confidence in all types of data and information. This framework was revised and reissued in May 2013. Over the years, COSO continued to issue other publications pertaining to internal controls, including thought leadership such as Internal Control over Financial Reporting — Guidance for Smaller Public Companies Guidance on Monitoring Internal Control Systems
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations:
COSO is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.
Effective implementation of a “COSO compliant” system accelerates the delivery of numerous, tangible & measurable cannabis value-added internal control/risk management paybacks, including:
- Evaluation & on-going monitoring of the cannabis firm control structure.
- Economical & effective controls consistent with, & derived from the established cannabis firm Board risk appetite.
- A dynamic system that as it matures, will help ride the rough waters of an ever-changing legal cannabis industry.
- Support of overall cannabis enterprise risk management (ERM) including application of ACCCE CRMF compliant governance.
- Tighter antifraud controls within an industry highly susceptible to it.
- A well-documented, easily replicated system that can facilitate more efficient location expansion & entry into multi-state markets.
The COSO internal control framework consists of five categories/components and 17 principles that operate together in an integrated manner:
Moreover, the beauty of building a “COSO compliant” internal control system is it can & should fit perfectly within an ACCCE CRMF constructed cannabis ERM structure, while facilitating a Cycle approach to control assurance activities:
The Cycle Approach to Cannabis Internal Control Assurance
Our focus in this article and the others to follow, is the integrity, the reliability of our financial reporting, consistent & compliant with Generally Accepted Accounting Principles (GAAP). Should you desire to fund your cannabis venture with 3rd party commercial credit & more traditional venture/private equity capital, consider this an over-riding imperative and prerequisite to that effort.
Remember, like or not there is a ton of highly-volatile industry risk within the legal cannabis space. Compounding this risk with financials we can’t trust just isn’t a smart thing to do. In my opinion, a failure to build & maintain a rock solid cannabis internal control system will likely doom our venture to eventual failure. We won’t survive without it, and we certainly won’t attract others to help fund our growth ambitions.
To help focus our thinking, we have a very handy hack/tool that provides an overview to the Cycle assurance approach: https://www.linkedin.com/feed/update/urn:li:activity:7236811188301357056/
Cycles of business activity are groupings of similar economic events. These events “live” within a web of transactions, systems, processing procedures, interfaces and data bases. The five primary business cycles shown in the introductory image above reflect economic events that are converted into related types of transactions that are processed through a cannabis firm’s accounting system to generate financial statements. Virtually every possible type of business transaction can be categorized into one of these five business cycles.
In addition to processing transactions, the cycles usually exercise physical control over the cannabis firm’s assets:
- Treasury-custodian over cash & securities
- Conversion-access to inventories & property
- Revenue-Custody over cash & cash items received from customers until transferred to Treasury
The Financial Reporting Cycle does not process transactions, rather it reports the results of transaction processing. Also, this Cycle involves economic events that do not create transactions per se but are reflected in the cannabis financial statements.
The Cycle approach to internal control assurance activities is highly efficient, resource sensitive and it facilitates the on-going monitoring of the effectiveness of the cannabis firm’s system as an essential part of the overall cannabis ERM. Cycles provide a common basis for communications across departmental, divisional and other organizational units. This is particularly critical for multi-location cannabis ventures, as well as MSOs.
Fortunately, the COSO framework has some very solid tools for helping us map controls using the Cycle approach. We will share sample cycle mapping tools for internal control evaluation & monitoring in the coming supplemental articles.
Summary/Preview of Coming Attractions
Over the coming weeks, please keep your eyes peeled for more hacks/tools that will concentrate on the six Cycles, Cycle control matrix/mapping examples, sample Cycle control evaluation worksheets, & reporting formats. We will incorporate concepts from each of the COSO and ACCCE frameworks, & risk identification/mitigation controls. Remember that Cycle controls can be preventive, detective, or risk event mitigating each of which are the byproduct of the overall cannabis ERM system, consistent with the cannabis Board risk appetite codified & in place.
Leading off/next up….
Treasury Cycle
Always Beside You
Value$Canna CFO LLC is a specialty cannabis CFO services/consulting firm that delivers accounting and financial reporting, risk management advisory, CFO contributions & cannabis value driver/KPI dashboards to cannabis business owners and their team members. Tony Wayne is an active member/committee contributor to numerous cannabis professional & trade associations, and he holds various cannabis & professional certifications including CPA, CVA, CFF, CCCE & CSC. https://www.valuecannacfo.com/